oski | ee812fa860c2283da910b616bdf55a14d88520af3e727cbe875f37ac962e8fd3 | Triage

Submit
Reports

Overview

overview

Static

static

AWB-9899691012.exe

windows7_x64

AWB-9899691012.exe

windows10_x64

Sharing

General

Target

AWB-9899691012.cab
Size

456KB
Sample

210401-s7k3al1mb2
MD5

6bab3cd877188d3730b838e75e82b9c0
SHA1

e056d3faea77552bf712fda0daaec65726142aa8
SHA256

ee812fa860c2283da910b616bdf55a14d88520af3e727cbe875f37ac962e8fd3
SHA512

04775b724f1c52600b74b184c0e2a64381b0c7523991a372dbe1a58fbd43870568a27ebaa008687758da542bcecd0987516a84c96dd9630d2f8a9fa8d8a9b746

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

AWB-9899691012.exe

Resource

win7v20201028

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AWB-9899691012.exe

Resource

win10v20201028

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

http://45.85.90.220

Targets

- Target
  
  AWB-9899691012.exe
- Size
  
  708KB
- MD5
  
  ec57669d9ea9b2ce78acd0962dd37761
- SHA1
  
  175f43377e8df78601a8c93a6885025647b95e56
- SHA256
  
  9dbdfcb4749e6e441ca65cf71d75944cf90111832d10b8048b70cfe084b6e675
- SHA512
  
  20a34130753d3bf5249727f80cf2d6f34cc771837b89796fed700e04b76928a98bf81a5433696d6b4e4c29dea9848586fab1b9de7b5eaed214ef67d06ea42d38
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy